<?php
/**  class.authenticator.php
 * 
 * Auth users and all that jazz.
 * 
 * @author Ted, tass2001-at-gmail-dot-com
 * @package phpsimpleblog
 * @version $Id: class.authenticator.php 13 2013-03-31 02:20:53Z tass2001@gmail.com $
 * @website https://code.google.com/p/phpsimpleblog/
 */
class Authenticator extends BlogBase{
    protected $user_data = false; // #< This variable will hold all important user info that we don't want leaking out of the class
    
    /* Construct our authentication class. We will also initiate our parent::__construct() so that the base classes can be loaded.*/
    public function __construct(){
        parent::__construct();
	$this->username  = false;
    }
    
    /* Grab the users data from the DB
     * @return Array The users data from the DB.
     */
    private function __getUserData(){
	if(!$this->user_data){
	    $user_query = $this->db->query(sprintf("SELECT * FROM %s WHERE username='%s'",USERS_TABLE,$this->username));
	    $user_data = $user_query->fetch_assoc();
	    $this->user_data  = ($user_data['username']) ? $user_data : false;
	}
	return $this->user_data;
    }
    
    /* Return basic information about the user for use outside this class
     * @return Array	Basic information about the user
     */
    private function __getUserInfo(){
	return array('ID' => $this->user_data['ID'],'username' => $this->user_data['username'], 'name' => $this->user_data['name']);
    }
    
    /* This function should *ONLY* be called on a successful login. We will create cookies to spit back to the users browser
     * @return String	JSON encoded array of success
     */
    private function __setCookie($time_now){
	setcookie('psb_uuid',$this->user_data['username']);
	setcookie('psb_akh',hash('sha1',sprintf('%s%s',$this->user_data['uuid'],$time_now)));
        return json_encode(array('logged_in' => true));
    }
    
    /* Return an error when the user login fails
     * @return JSON Encoded string with user failure info
     */
    public function failedLogin(){
	return json_encode(array('logged_in' => false));
    }
    
    /* Verify the users cookie grants them authentication
     * @return Bool True when authorized and False when not.
     */
    public function checkCookie(){
	if(isset($_COOKIE['psb_akh']) && isset($_COOKIE['psb_uuid'])){
	    $this->username = $this->esc($_COOKIE['psb_uuid']);
	    $user_data = $this->__getUserData();
	    if($user_data)
		return (hash('sha1',sprintf('%s%s',$user_data['uuid'],$user_data['last_login'])) === $_COOKIE['psb_akh']) ? serialize($this->__getUserInfo()) : false;
	}
	return false;
    }

    /* Verify the users credentials. I chose LDAP, this can easily be fitted to use a SQL backend strictly - just return a bool
     * @param String $username	The operators name
     * @param String $password	The operators password
     * @return Bool True/False on correct login
     */
    public function checkCredentials($username,$password){
	if(!$username || !$password)
	    return $this->failedLogin();
	$this->username = $this->esc($username);
	$user_data = $this->__getUserData();
	if($user_data){
	    $user_data = $this->__getUserData();
	    if(hash('sha512',$password)  === $user_data['password']){
	        $time_now = date('Y-m-d H:i:s',time());
	        $this->db->query(sprintf("UPDATE %s SET last_login='%s' WHERE ID='%s'",USERS_TABLE,$time_now,$user_data['ID']));
	        return $this->__setCookie($time_now);
	    }
	}
	return $this->failedLogin();
    }
}
?>